Subject: and now: COMPAT_IBCS2 vs. MP
To: None <tech-kern@netbsd.org>
From: J Chapman Flack <flack@cs.purdue.edu>
List: tech-kern
Date: 03/03/2005 21:05:19
And now neatly tying together my two most recent threads of inquiry comes
the latest:
The same ibcs2 COFF executable that now works fine on a non-MP kernel
with the executable-stack patch spins forever in fdrelease() on an MP
kernel, requiring a hard reset. Only the fact that the kernel was built
for MP matters, not whether it is actually running on more than one processor.
The call to fdrelease comes from sys_close. It is not the first close()
done in the process, but it is the first one on /emul/ibcs2/dev/socksys, which
the emulation code treats specially. The file can be anything as long as it
exists (mine is c 2,2, the same as /dev/null); the emul code gives it
the semantics the socket library expects. Again, this works fine, with
successful TCP connections, on a non-MP kernel.
To replicate: the only executable I'm testing with is commercially licensed,
but I suspect any ibcs2 test program that does socket operations
will show this behavior as long as it eventually closes socksys.
-Chap
fdrelease+0x45 (struct proc *p=0xcb18d994, int fd=7(/emul/ibcs2/dev/socksys))
ibcs2_syscall_plain at ibcs2_syscall_plain+0x7f
(struct trapframe *frame=0xcb1f7fa8)
ds es fs gs: 1f 1f 1f 1f
edi esi ebp ebx: 0 0 bfbfeeac bfbff8a4
edx ecx eax trapno: 0 0 6 3
err eip cs eflags: 7 54f5c a3 292
esp ss: bfbfee78 1f
syscall 6 is IBCS2_SYS_close, vectored to sys_close. The lines marked with > below (a64-a6f) are where it spins: they repeatedly xchg 1 into the word at offset 0x34 of the file entry and loop back while the previous value was nonzero, i.e. a test-and-set that apparently never succeeds because that word is never written back to 0 (which fdrelease itself only does at a87 and b33).
/sys/arch/i386/compile/lundestad/kern_descrip.o: file format elf32-i386
Disassembly of section .text:
00000a28 <fdrelease>:
a28: 55 push %ebp
a29: 89 e5 mov %esp,%ebp
a2b: 57 push %edi
a2c: 56 push %esi
a2d: 53 push %ebx
a2e: 83 ec 1c sub $0x1c,%esp
a31: 8b 45 08 mov 0x8(%ebp),%eax
a34: 8b 50 0c mov 0xc(%eax),%edx
a37: 89 45 f0 mov %eax,0xfffffff0(%ebp)
a3a: 8b 5d 0c mov 0xc(%ebp),%ebx
a3d: 8b 02 mov (%edx),%eax
a3f: 8d 0c 98 lea (%eax,%ebx,4),%ecx
a42: 8b 01 mov (%ecx),%eax
a44: 85 c0 test %eax,%eax
a46: 89 55 ec mov %edx,0xffffffec(%ebp)
a49: 89 45 e8 mov %eax,0xffffffe8(%ebp)
a4c: 0f 84 e8 00 00 00 je b3a <fdrelease+0x112>
a52: 89 c2 mov %eax,%edx
a54: 83 c2 34 add $0x34,%edx
a57: b8 01 00 00 00 mov $0x1,%eax
a5c: 87 02 xchg %eax,(%edx)
a5e: 85 c0 test %eax,%eax
a60: 74 0f je a71 <fdrelease+0x49>
a62: 89 f6 mov %esi,%esi
> a64: f3 90 repz nop
> a66: b8 01 00 00 00 mov $0x1,%eax
> a6b: 87 02 xchg %eax,(%edx)
>> a6d: 85 c0 test %eax,%eax
> a6f: 75 f3 jne a64 <fdrelease+0x3c>
a71: 8b 55 e8 mov 0xffffffe8(%ebp),%edx
a74: f6 42 0c 03 testb $0x3,0xc(%edx)
a78: 0f 85 b5 00 00 00 jne b33 <fdrelease+0x10b>
a7e: 8b 45 e8 mov 0xffffffe8(%ebp),%eax
a81: ff 40 1c incl 0x1c(%eax)
a84: 8b 55 ec mov 0xffffffec(%ebp),%edx
a87: c7 40 34 00 00 00 00 movl $0x0,0x34(%eax)
a8e: 8b 42 04 mov 0x4(%edx),%eax
a91: c7 01 00 00 00 00 movl $0x0,(%ecx)
a97: c6 04 03 00 movb $0x0,(%ebx,%eax,1)
a9b: 3b 5a 20 cmp 0x20(%edx),%ebx
a9e: 7c 7f jl b1f <fdrelease+0xf7>
aa0: 89 df mov %ebx,%edi
aa2: 8b 4d ec mov 0xffffffec(%ebp),%ecx
aa5: c1 ff 05 sar $0x5,%edi
aa8: 3b 59 18 cmp 0x18(%ecx),%ebx
aab: 7d 03 jge ab0 <fdrelease+0x88>
aad: 89 59 18 mov %ebx,0x18(%ecx)
ab0: 8b 45 ec mov 0xffffffec(%ebp),%eax
ab3: 8b 70 10 mov 0x10(%eax),%esi
ab6: 83 3c be ff cmpl $0xffffffff,(%esi,%edi,4)
aba: 74 44 je b00 <fdrelease+0xd8>
abc: 89 d9 mov %ebx,%ecx
abe: 83 e1 1f and $0x1f,%ecx
ac1: b8 fe ff ff ff mov $0xfffffffe,%eax
ac6: d3 c0 rol %cl,%eax
ac8: 21 04 be and %eax,(%esi,%edi,4)
acb: 8b 45 ec mov 0xffffffec(%ebp),%eax
ace: 3b 58 14 cmp 0x14(%eax),%ebx
ad1: 74 18 je aeb <fdrelease+0xc3>
ad3: 8b 4d f0 mov 0xfffffff0(%ebp),%ecx
ad6: 8b 45 e8 mov 0xffffffe8(%ebp),%eax
ad9: 89 4d 0c mov %ecx,0xc(%ebp)
adc: 89 45 08 mov %eax,0x8(%ebp)
adf: 8d 65 f4 lea 0xfffffff4(%ebp),%esp
ae2: 5b pop %ebx
ae3: 5e pop %esi
ae4: 5f pop %edi
ae5: c9 leave
ae6: e9 fc ff ff ff jmp ae7 <fdrelease+0xbf>
ae7: R_386_PC32 closef
aeb: 83 ec 08 sub $0x8,%esp
aee: 53 push %ebx
aef: 50 push %eax
af0: e8 fc ff ff ff call af1 <fdrelease+0xc9>
af1: R_386_PC32 find_last_set
af5: 8b 55 ec mov 0xffffffec(%ebp),%edx
af8: 83 c4 10 add $0x10,%esp
afb: 89 42 14 mov %eax,0x14(%edx)
afe: eb d3 jmp ad3 <fdrelease+0xab>
b00: 89 fa mov %edi,%edx
b02: c1 ea 05 shr $0x5,%edx
b05: 89 f9 mov %edi,%ecx
b07: 89 55 e4 mov %edx,0xffffffe4(%ebp)
b0a: 83 e1 1f and $0x1f,%ecx
b0d: 8b 50 0c mov 0xc(%eax),%edx
b10: b8 fe ff ff ff mov $0xfffffffe,%eax
b15: d3 c0 rol %cl,%eax
b17: 8b 4d e4 mov 0xffffffe4(%ebp),%ecx
b1a: 21 04 8a and %eax,(%edx,%ecx,4)
b1d: eb 9d jmp abc <fdrelease+0x94>
b1f: 83 ec 08 sub $0x8,%esp
b22: 53 push %ebx
b23: ff 75 f0 pushl 0xfffffff0(%ebp)
b26: e8 fc ff ff ff call b27 <fdrelease+0xff>
b27: R_386_PC32 knote_fdclose
b2b: 83 c4 10 add $0x10,%esp
b2e: e9 6d ff ff ff jmp aa0 <fdrelease+0x78>
b33: c7 42 34 00 00 00 00 movl $0x0,0x34(%edx)
b3a: 8d 65 f4 lea 0xfffffff4(%ebp),%esp
b3d: 5b pop %ebx
b3e: 5e pop %esi
b3f: b8 09 00 00 00 mov $0x9,%eax
b44: 5f pop %edi
b45: c9 leave
b46: c3 ret
b47: 90 nop
00000b48 <sys_close>:
b48: 55 push %ebp
b49: 89 e5 mov %esp,%ebp
b4b: 8b 45 08 mov 0x8(%ebp),%eax
b4e: 8b 48 10 mov 0x10(%eax),%ecx
b51: 8b 45 0c mov 0xc(%ebp),%eax
b54: 8b 10 mov (%eax),%edx
b56: 8b 41 0c mov 0xc(%ecx),%eax
b59: 3b 50 08 cmp 0x8(%eax),%edx
b5c: 73 0e jae b6c <sys_close+0x24>
b5e: 89 55 0c mov %edx,0xc(%ebp)
b61: 89 4d 08 mov %ecx,0x8(%ebp)
b64: c9 leave
b65: e9 fc ff ff ff jmp b66 <sys_close+0x1e>
b66: R_386_PC32 fdrelease
b6a: 89 f6 mov %esi,%esi
b6c: b8 09 00 00 00 mov $0x9,%eax
b71: c9 leave
b72: c3 ret
b73: 90 nop